VIEW RULE IN DATADOG VIEW MISCONFIGURATIONS

Description

This control verifies if AWS CodeBuild source credentials include personal access tokens or basic authentication credentials (username and password). It is applicable only to credentials for GitHub or Bitbucket sources, as only these sources support insecure repository access methods.

Using personal access tokens or basic authentication may lead to unintended data exposure or unauthorized access. Secure methods to access source respositories include AWS CodeConnections, AWS Secrets Manager, or OAuth.

Remediation

For guidance on updating CodeBuild source provider settings, refer to the Access your source provider in CodeBuild section of the AWS CodeBuild User Guide.